esx authentication client profiles: summary
summary
structure contains summary from the list of existing esx.authentication.client_profiles.The structure includes a client profile identifier, subject type, the details of the subject - local user, external user or external group.
Representation:
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
-.summary_type | string | Defines the verbosity of the sumary. Defines the types of esx.authentication.client_profiles.summary members to return from the list method. The profile information could include the access grants or be a shorter summary. Value is one of:FULL: The full profile information, including access grants. NORMAL: A summary containing only the profile identifier and the subject information. BRIEF: A brief summary, containing only the profile identifier. |
-.subject.type | string | subject type Defines the types of subject matching that a client profile is associated with. Value is one of: |
-.subject.privileges.* | string[] | |
Optional | ||
-.client_profile | string | Client profile identifier. Optional. It is only relevant when summary_type has value [BRIEF, NORMAL, FULL]. This field is optional and it is only relevant when the value of |
-.subject | subject | The subject of the profile. Optional. It is only relevant when summary_type has value [NORMAL, FULL]. This field is optional and it is only relevant when the value of |
-.subject.name | string | The user or group name Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of |
-.subject.issuer_alias | string | The security token issuer alias, who created and signed the security token. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER, PRIVILEGES]. This field is optional and it is only relevant when the value of |
-.subject.domain | string | Domain of the principal. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of |
-.subject.privileges | object | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows. "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when type has value [PRIVILEGES]. This field is optional and it is only relevant when the value of |
-.grants | access_grant[] | Access grants. When the list is empty, the matching subjects don't receive grants from this client profile. but will receive grants from other matching ClientProfiles. Optional. It is only relevant when summary_type has value FULL. This field is optional and it is only relevant when the value of |
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
summary_type | string | Defines the verbosity of the sumary. Defines the types of esx.authentication.client_profiles.summary members to return from the list method. The profile information could include the access grants or be a shorter summary. Value is one of:FULL: The full profile information, including access grants. NORMAL: A summary containing only the profile identifier and the subject information. BRIEF: A brief summary, containing only the profile identifier. |
subject.type | string | subject type Defines the types of subject matching that a client profile is associated with. Value is one of: |
subject.privileges[].key | string | |
subject.privileges[].value | string[] | |
Optional | ||
client_profile | string | Client profile identifier. Optional. It is only relevant when summary_type has value [BRIEF, NORMAL, FULL]. This field is optional and it is only relevant when the value of |
subject | subject | The subject of the profile. Optional. It is only relevant when summary_type has value [NORMAL, FULL]. This field is optional and it is only relevant when the value of |
subject.name | string | The user or group name Optional. It is only relevant when type has value [LOCAL_USER, EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of |
subject.issuer_alias | string | The security token issuer alias, who created and signed the security token. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER, PRIVILEGES]. This field is optional and it is only relevant when the value of |
subject.domain | string | Domain of the principal. Optional. It is only relevant when type has value [EXTERNAL_GROUP, EXTERNAL_USER]. This field is optional and it is only relevant when the value of |
subject.privileges | list | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows. "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... } Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. Optional. It is only relevant when type has value [PRIVILEGES]. This field is optional and it is only relevant when the value of |
grants | access_grant[] | Access grants. When the list is empty, the matching subjects don't receive grants from this client profile. but will receive grants from other matching ClientProfiles. Optional. It is only relevant when summary_type has value FULL. This field is optional and it is only relevant when the value of |